(54) Decoder and security module for a digital transmission system



(57) A decoder 12 in particular for a digital television system and adapted to receive a transport packet stream containing table or section data encapsulated within the packet payloads. The decoder is characterised in comprising a means 80 for filtering table or section data configurable in response to filter data received from a portable security module 30 such as a smart card.

The invention equally extends to a portable security module 30 including a memory holding such data as is necessary to configure the table or section filter 80, and a method for processing a transport packet stream including encapsulated table and section data using such a decoder 12 and security module 30.

In a preferred embodiment the filter 80 is adapted to filter out conditional access messages in response to the table or section filter data received from the portable security module 30, these messages being thereafter forwarded to the security module for processing.

Description

[0001] The present invention relates to a decoder and security module for a digital transmission system and method 
of operating a decoder and security module, in particular for use in a digital television system. 
[0002] Conventional digital television broadcast systems transmit data in the form of discrete transport stream packets or transport packets, each packet being of a predetermined length and containing a header and a payload. The MPEG standard is the currently favoured standard in this domain and sets out, amongst other things, a predetermined format for such packets.

[0003] The packet header comprises general descriptive data regarding the packet whilst the payload comprises the data to be processed at the receiver. The packet header includes at least a packet ID or PID identifying the packet. The payload of the packet may contain audio, video or other data such as application data or, in particular, conditional access system data.

[0004] Conventionally, the incoming data stream is filtered by a receiver/decoder according to the PID of each packet. Data requiring immediate processing such as audio or visual data is communicated to an appropriate processor in the form of what is conventionally known as a packetised elementary stream or PES. This continuous flux of data, which is formed by assembling the payloads of the transport packets, itself comprises a sequence of packets, each PES packet comprising a packet header and payload.

[0005] Other data not requiring immediate processing may also be encapsulated within the payloads of the transport packets. Unlike PES data, which is treated immediately by a processor to generate a real time output, this sort of data is typically processed in an asynchronous manner by the decoder processor. In this case, data is formatted in a single table or a series of sections or tables, each including a header and a payload, the header of the section or table including a table ID or TID.

[0006] In the case where the access to a transmission is to be restricted, for example, in a pay TV system, conditional access data may be included in a table or section broadcast in the transport stream with the transmission. This conditional access data is filtered by the receiver/decoder and passed to a portable security module, such as a smart card, inserted in the decoder. The data is then processed by the smart card in order to generate, for example, a control word subsequently used by the decoder to descramble a transmission.

[0007] One problem with known systems lies in the volume of data that will be received and processed by the receiver/decoder and notably the volume of conditional access messages eventually forwarded to the smart card or security module. In particular, the processing capabilities of a smart card processor and the capacity of the communication channel between the decoder and smart card may be insufficient to handle a given volume of messages. This problem is exacerbated by the increasing tendency for programmes to be transmitted with multiple conditional access messages enabling access by different operators to the same programme (e.g. a football match or a thematic television channel).

[0008] According to the present invention, there is provided a decoder for a digital transmission system adapted to receive a transport packet stream containing table, section or other packetised data encapsulated within the packet payloads and characterised in that the decoder comprises a means for filtering the encapsulated data configurable in response to filter data received from a portable security module.

[0009] Filtering data at the table or section level in response to information from the security module enables a more precise identification and selection of data to be carried out, for example, to extract relevant conditional access messages addressed to the module. In practice, and as will be described below, this filtering at the table or section level may be carried out after and in addition to a filtering carried out at the transport packet level.

[0010] Preferably, the means for filtering encapsulated data is configurable in response to filter data comprising at least a table ID or section ID value transmitted by the portable security module. The means for filtering encapsulated data may equally be configurable in accordance with other data received from the portable security module.

[0011] In a preferred embodiment, the means for filtering encapsulated data is further adapted to forward to the security module conditional access data obtained in accordance with the filter data received from the security module.

[0012] Whilst the present invention is particularly adapted to enable a reduction of the volume of conditional access messages communicated between the decoder and the module, it will be nevertheless appreciated that the encapsulated data may be configured by the security module to extract data other than conditional access data and having a destination other than the security module.

[0013] Conditional access data filtered and forwarded to the security module may comprise entitlement control messages (ECMs) and/or entitlement management messages (EMMs).

[0014] Even within a group of messages associated with a single conditional access system there may be a large number of messages irrelevant to a particular user within that system. For example, within a single conditional access system a number of different groups of users may be defined leading to the generation of a number of EMMs, not all of which may be relevant to a given user.

[0015] Preferably therefore, filter data provided by the security module comprises data used by the filter means to extract group and/or individual entitlement management messages addressed to the security module.

[0016] In one embodiment the decoder is adapted to receive a control word generated by the security module in response to the conditional access data forwarded thereto, the control word being used by the decoder to descramble a scrambled transmission.

[0017] In addition to a filtering at the table or section level, the decoder may further carry out a transport level filtering in order, for example, to extract only these packets comprising data associated with the particular conditional access system used by the security module. Preferably, therefore the decoder further comprises a means for filtering transport packet data configurable in response to data received from the security module.

[0018] Advantageously, the means for filtering transport packet data may be configurable in response to data representing the identity of the conditional access system received from the security module.

[0019] In one embodiment, the transport packet filtering means is adapted to extract transport packets containing a program map table and a conditional access table, the decoder further comprising selection means adapted to receive the program map table and conditional access table from the transport packet filtering means and conditional access identity data from the security module and thereafter configure the transport packet filtering means to extract transport packet data associated with the conditional access system in question.

[0020] In order to preserve security in the system, some or all communications between the security module and the decoder may be encrypted. In particular, the descrambling control word generated by the security module and eventually transmitted to the decoder may be encrypted.

[0021] The present invention has been described above in relation to a decoder. Other aspects of the invention relate to a method of filtering encapsulated data in a transport packet stream and a security module for use with a decoder or method of the present invention. In one embodiment the security module may conveniently comprise a smart card.

[0022] Whilst the present invention may apply to any packet transmission system comprising a transport stream layer and a table or section layer, the present invention is particularly applicable to a decoder adapted to receive an MPEG compatible data stream.

[0023] In this regard, the term "table, section or other packetised data" refers in its broadest sense to any data table, alone or in a sequence, and comprising a header and payload and that is itself encapsulated within a transport packet stream. As will be described in the preferred embodiment, the present invention is particularly applicable to filtering of data contained within an MPEG table, notably a single MPEG short form table. Other embodiments are nevertheless conceivable, for example, in which filtering is carried out on PES packets encapsulated within the transport packet payloads.

[0024] In the context of this application, the term MPEG refers to the data transmission standards developed by the International Standards Organisation working group "Motion Pictures Expert Group" and in particular but not exclusively the MPEG-2 standard developed for digital television applications and set out in the documents ISO 13818-1, ISO 13818-2, ISO 13818-3 and ISO 13818-4. In the context of the present patent application, the term MPEG includes all variants, modifications or developments of MPEG formats applicable to the field of digital data transmission.

[0025] As used herein, the term "smart card" includes, but not exclusively so, any chip-based card device, or object 
of similar function and performance, possessing, for example, microprocessor and/or memory storage. Included in this 
term are devices having alternative physical forms to a card, for example key-shaped devices such as are often used 
in TV decoder systems. 

[0026] The term "decoder" or "receiver/decoder" used herein may connote a receiver for receiving either encoded or non-encoded signals, for example, television and/or radio signals, which may be broadcast or transmitted by some other means. Embodiments of such receiver/decoders may include a decoder integral with the receiver for decoding the received signals, for example, in a "set-top box", a decoder functioning in combination with a physically separate receiver, as well as a decoder including additional functions, such as a web browser or integrated with a video recorder or a television.

[0027] As used herein, the term "digital transmission system" includes any transmission system for transmitting or broadcasting digital data, for example primarily audiovisual or multimedia digital data. Whilst the present invention is particularly applicable to a broadcast digital television system, the invention may also be applicable to a fixed telecommunications network for multimedia internet applications, to a closed circuit television, and so on.

[0028] As used herein, the term "digital television system" includes for example any satellite, terrestrial, cable and other system.

[0029] There will now be described, by way of example only, a preferred embodiment of the invention, with reference to the following figures, in which:

Figure 1 shows the overall architecture of a digital TV system according to this embodiment;

Figure 2 shows the architecture of the conditional access system of Figure 1;

Figure 3 shows the hierarchy of MPEG-2 packets, in particular those associated with conditional access messages;

Figure 4 shows the structure of long form and short form MPEG-2 private sections;

Figure 5 shows the elements of a receiver/decoder for use in this embodiment;

Figure 6 shows the elements of the receiver/decoder used to process the transport stream, in particular in relation to conditional access messages; and

Figure 7 shows the structure of the PID and section filters of the filter unit of Fig. 6.

[0030] An overview of a digital television broadcast and reception system 1 is shown in Figure 1. The invention includes a mostly conventional digital television system 2 which uses the MPEG-2 compression system to transmit compressed digital signals. In more detail, MPEG-2 compressor 3 in a broadcast centre receives a digital signal stream (for example a stream of audio or video signals). The compressor 3 is connected to a multiplexer and scrambler 4 by linkage 5. The multiplexer 4 receives a plurality of further input signals, assembles one or more transport streams and transmits compressed digital signals to a transmitter 6 of the broadcast centre via linkage 7, which can of course take a wide variety of forms including telecom links.

[0031] The transmitter 6 transmits electromagnetic signals via uplink 8 towards a satellite transponder 9, where they are electronically processed and broadcast via a national downlink 10 to earth receiver 11, conventionally in the form of a dish owned or rented by the end user. The signals received by receiver 11 are transmitted to an integrated receiver/decoder 12 owned or rented by the end user and connected to the end user's television set 13. The receiver/decoder 12 decodes the compressed MPEG-2 signal into a television signal for the television set 13.

[0032] A conditional access system 20 is connected to the multiplexer 4 and the receiver/decoder 12, and is located partly in the broadcast centre and partly in the decoder. It enables the end user to access digital television broadcasts from one or more broadcast suppliers. A smartcard, capable of decrypting messages relating to commercial offers (that is, one or several television programmes sold by the broadcast supplier), can be inserted into the receiver/decoder 12. Using the decoder 12 and smartcard, the end user may purchase events in either a subscription mode or a pay-per-view mode.
[0033] An interactive system 17, also connected to the multiplexer 4 and the receiver/decoder 12 and again located partly in the broadcast centre and partly in the decoder, may be provided to enable the end user to interact with various applications via a modemmed back channel 16.

[0034] The conditional access system 20 will now be described in more detail.

[0035] With reference to Figure 2, in overview the conditional access system 20 includes a Subscriber Authorization System (SAS) 21. The SAS 21 is connected to one or more Subscriber Management Systems (SMS) 22, one SMS for each broadcast supplier, by a respective TCP-IP linkage 23 (although other types of linkage could alternatively be used). Alternatively, one SMS could be shared between two broadcast suppliers, or one supplier could use two SMSs, and so on.

[0036] First encrypting units in the form of ciphering units 24 utilising "mother" smartcards 25 are connected to the SAS by linkage 26. Second encrypting units again in the form of ciphering units 27 utilising mother smartcards 28 are connected to the multiplexer 4 by linkage 29. The receiver/decoder 12 receives a "daughter" smartcard 30. It is connected directly to the SAS 21 by Communications Servers 31 via the modemmed back channel 16. The SAS sends, amongst other things, subscription rights to the daughter smartcard on request.

[0037] The smartcards contain the secrets of one or more commercial operators. The "mother" smartcard encrypts different kinds of messages and the "daughter" smartcards decrypt the messages, if they have the rights to do so.

[0038] The first and second ciphering units 24 and 27 comprise a rack, an electronic VME card with software stored on an EEPROM, up to 20 electronic cards and one smartcard 25 and 28 respectively, for each electronic card, one card 28 for encrypting the ECMs and one card 25 for encrypting the EMMs.

[0039] The operation of the conditional access system 20 of the digital television system will now be described in more detail with reference to the various components of the television system 2 and the conditional access system 20.

Multiplexer and Scrambler

[0040] With reference to Figures 1 and 2, in the broadcast centre, the digital audio or video signal is first compressed (or bit rate reduced), using the MPEG-2 compressor 3. This compressed signal is then transmitted to the multiplexer and scrambler 4 via the linkage 5 in order to be multiplexed with other data, such as other compressed data.

[0041] The scrambler generates a control word used in the scrambling process and included in the MPEG-2 stream in the multiplexer. The control word is generated internally and enables the end user's integrated receiver/decoder 12 to descramble the programme.

[0042] Access criteria, indicating how the programme is commercialised, are also added to the MPEG-2 stream. The programme may be commercialised in either one of a number of "subscription" modes and/or one of a number of "Pay Per View" (PPV) modes or events. In the subscription mode, the end user subscribes to one or more commercial offers, or "bouquets", thus getting the rights to watch every channel inside those bouquets. In the preferred embodiment, up to 960 commercial offers may be selected from a bouquet of channels.

[0043] In the Pay Per View mode, the end user is provided with the capability to purchase events as he wishes. This can be achieved by either pre-booking the event in advance ("pre-book mode"), or by purchasing the event as soon as it is broadcast ("impulse mode"). In the preferred embodiment, all users are subscribers, whether or not they watch in subscription or PPV mode, but of course PPV viewers need not necessarily be subscribers.

Entitlement Control Messages

[0044] Both the control word and the access criteria are used to build an Entitlement Control Message (ECM). This is a message sent in relation with a scrambled program; the message contains a control word (which allows for the descrambling of the program) and the access criteria of the broadcast program. The access criteria and control word are transmitted to the second encrypting unit 27 via the linkage 29. In this unit an ECM is generated, encrypted and transmitted on to the multiplexer and scrambler 4. During a broadcast transmission, the control word typically changes every few seconds, and so ECMs are also periodically transmitted to enable the changing control word to be descrambled. For redundancy purposes, each ECM typically includes two control words; the present control word and the next control word.

[0045] Each service broadcast by a broadcast supplier in a data stream comprises a number of distinct components; for example a television programme includes a video component, an audio component, a sub-title component and so on. Each of these components of a service is individually scrambled and encrypted for subsequent broadcast to the transponder 9. In respect of each scrambled component of the service, a separate ECM is required. Alternatively, a single ECM may be required for all of the scrambled components of a service. Multiple ECMs are also generated in the case where multiple conditional access systems control access to the same transmitted program.

Programme Transmission 

[0046] The multiplexer 4 receives electrical signals comprising encrypted EMMs from the SAS 21, encrypted ECMs from the second encrypting unit 27 and compressed programmes from the compressor 3. The multiplexer 4 scrambles the programmes and sends the scrambled programmes, the encrypted EMMs and the encrypted ECMs to a transmitter 6 of the broadcast centre via the linkage 7. The transmitter 6 transmits electromagnetic signals towards the satellite transponder 9 via uplink 8.

Programme Reception 

[0047] The satellite transponder 9 receives and processes the electromagnetic signals transmitted by the transmitter 6 and transmits the signals on to the earth receiver 11, conventionally in the form of a dish owned or rented by the end user, via downlink 10. The signals received by receiver 11 are transmitted to the integrated receiver/decoder 12 owned or rented by the end user and connected to the end user's television set 13. The receiver/decoder 12 demultiplexes the signals to obtain scrambled programmes with encrypted EMMs and encrypted ECMs.

[0048] If the programme is not scrambled, that is, no ECM has been transmitted with the MPEG-2 stream, the receiver/decoder 12 decompresses the data and transforms the signal into a video signal for transmission to television set 13.

[0049] If the programme is scrambled, the receiver/decoder 12 extracts the corresponding ECM from the MPEG-2 stream and passes the ECM to the "daughter" smartcard 30 of the end user. This slots into a housing in the receiver/decoder 12. The daughter smartcard 30 controls whether the end user has the right to decrypt the ECM and to access the programme. If not, a negative status is passed to the receiver/decoder 12 to indicate that the programme cannot be descrambled. If the end user does have the rights, the ECM is decrypted and the control word extracted. The decoder 12 can then descramble the programme using this control word. The MPEG-2 stream is decompressed and translated into a video signal for onward transmission to television set 13.

Entitlement Management Messages (EMMs)

[0050] The EMM is a message dedicated to an individual end user (subscriber), or a group of end users. Each group may contain a given number of end users. This organisation as a group aims at optimising the bandwidth; that is, access to one group can permit the reaching of a great number of end users.

[0051] Various specific types of EMM can be used. Individual EMMs are dedicated to individual subscribers, and are typically used in the provision of Pay Per View services; these contain the group identifier and the position of the subscriber in that group.

[0052] Group subscription EMMs are dedicated to groups of, say, 256 individual users, and are typically used in the administration of some subscription services. This EMM has a group identifier and a subscribers' group bitmap.

[0053] Audience EMMs are dedicated to entire audiences, and might for example be used by a particular operator to provide certain free services. An "audience" is the totality of subscribers having smartcards which bear the same conditional access system identifier (CA ID). Finally, a "unique" EMM is addressed to the unique identifier of the smartcard.

Subscriber Management System (SMS) 

[0054] A Subscriber Management System (SMS) 22 includes a database 32 which manages, amongst others, all of the end user files, commercial offers, subscriptions, PPV details, and data regarding end user consumption and authorization. The SMS may be physically remote from the SAS.

[0055] Each SMS 22 transmits messages to the SAS 21 via respective linkage 23 which imply modifications to or creations of Entitlement Management Messages (EMMs) to be transmitted to end users.

[0056] The SMS 22 also transmits messages to the SAS 21 which imply no modifications or creations of EMMs but imply only a change in an end user's state (relating to the authorization granted to the end user when ordering products or to the amount that the end user will be charged).

[0057] The SAS 21 sends messages (typically requesting information such as callback information or billing information) to the SMS 22, so that it will be apparent that communication between the two is two-way.

Subscriber Authorization System (SAS) 

[0058] The messages generated by the SMS 22 are passed via linkage 23 to the Subscriber Authorization System (SAS) 21, which in turn generates messages acknowledging receipt of the messages generated by the SMS 21 and passes these acknowledgements to the SMS 22.

[0059] In overview the SAS comprises a Subscription Chain area to give rights for subscription mode and to renew the rights automatically each month, a Pay Per View Chain area to give rights for PPV events, and an EMM Injector for passing EMMs created by the Subscription and PPV chain areas to the multiplexer and scrambler 4, and hence to feed the MPEG stream with EMMs. If other rights are to be granted, such as Pay Per File (PPF) rights in the case of downloading computer software to a user's Personal Computer, other similar areas are also provided.

[0060] One function of the SAS 21 is to manage the access rights to television programmes, available as commercial offers in subscription mode or sold as PPV events according to different modes of commercialisation (pre-book mode, impulse mode). The SAS 21, according to those rights and to information received from the SMS 22, generates EMMs for the subscriber.

[0061] The EMMs are passed to the Ciphering Unit (CU) 24 for ciphering with respect to the management and exploitation keys. The CU completes the signature on the EMM and passes the EMM back to a Message Generator (MG) in the SAS 21, where a header is added. The EMMs are passed to a Message Emitter (ME) as complete EMMs. The Message Generator determines the broadcast start and stop time and the rate of emission of the EMMs, and passes these as appropriate directions along with the EMMs to the Message Emitter. The MG only generates a given EMM once; it is the ME which performs cyclic transmission of the EMMs.

[0062] On generation of an EMM, the MG assigns a unique identifier to the EMM. When the MG passes the EMM to the ME, it also passes the EMM ID. This enables identification of a particular EMM at both the MG and the ME.

[0063] In systems such as simulcrypt which are adapted to handle multiple conditional access systems, e.g. associated with multiple operators, EMM streams associated with each conditional access system are generated separately and multiplexed together by the multiplexer 4 prior to transmission.

Conditional Access Messages in the Transport Stream

[0064] The different nature of ECM and EMM messages leads to differences vis-à-vis the mode of transmission of the messages in the MPEG transport stream. ECM messages, which carry the control words needed to descramble a programme, are necessarily linked to the video and audio streams of the programme being transmitted. In contrast, EMM messages are general messages broadcast asynchronously to transmit rights information to individual or groups of customers. This difference is reflected in the placing of ECM and EMM messages within the MPEG transport stream.

[0065] As is known, MPEG transport packets are of a fixed length of 188 bytes including a header. In a standard packet the three bytes of the header following the synchronisation data comprise:






EP 0 964 572 A1 



TABLE I

Transport error indicator       1 bit
Payload unit indicator          1 bit
Transport priority              1 bit
PID                             13 bits
Transport scrambling control    2 bits
Adaptation field control        2 bits
Continuity counter              4 bits

[0066] The characteristics of these fields are largely determined by the MPEG standard.

[0067] Referring to Figure 3, the organisation of data within a transport stream will be described. As shown, the transport stream contains a programme association table 40 ("PAT"), the PID in the header of the packet being fixed by the MPEG-2 standard at a value of 0x00. The programme access table 40 provides the entry point for access to programme data and contains a table referring to the PID values of the programme map tables ("PMT") 41, 42 associated with a number of programmes. Each programme map table 41, 42 contains in turn a reference to the PID values of the packet streams of the audio tables 43 and video tables 44 of that programme.

[0068] As shown, the programme map table 42 also contains references to the PID values of other packets 45, 46 containing additional data relating to the programme in question. In the present case, ECM data generated by a number of conditional access systems and associated with the programme in question is contained within the referred packets 45, 46.

[0069] In addition to the programme access table PAT 40, the MPEG transport stream further comprises a conditional access table 47 ("CAT"), the PID value of which is fixed at 0x01. Any packet headers containing this PID value are thus automatically identified as containing access control information. The CAT table 47 refers to the PID values of MPEG packets 48, 49, 50 associated with EMM data associated with one or more conditional access systems. As with the PMT packets, the PID values of the EMM packets referred to in the CAT table are not fixed and may be determined at the choice of the system operator.

Private Section Data 

[0070] In conformity with the MPEG-2 standard, information contained with a packet payload is subject to a further level of structure according to the type of data being transported. In the case of audio, visual, teletext, subtitle or other such rapidly evolving and synchronised data, the information is assembled in the form of what is known as a packetised elementary stream or PES. This data stream, which is formed by assembling the payloads of the transmitted packets, itself comprises a sequence of packets, each packet comprising a packet header and payload. Unlike the transmitted packets in the transport stream, the length of PES packets is variable.

[0071] In the case of other data, such as application data or, in this example, ECM and EMM data, a different format from PES packeting is prescribed. In particular, data contained in the transport packet payload is divided into a series of sections or tables, the table or section header including a table ID or TID identifying the table in question. Depending on the size of the data, a section may be contained entirely within a packet payload or may be extended in a series of tables over a number of transport packets. In the MPEG-2 context the term "table" is often used to refer to a single table of data, whilst "section" refers to one of a plurality of tables with the same TID value.

[0072] As with transport packet data and PES packet data, the data structure of a table or section is additionally defined by the MPEG-2 standard. In particular, two possible syntax forms for private table or section data are proposed; a long form or a short form, as illustrated in Figure 4.

[0073] In both the short and long form, the header includes at least the data 60 comprising: 



TABLE II

Table id                        8 bits
Section syntax indicator        1 bit
Private indicator/reserved      1 bit
ISO reserved                    2 bits
Section length                  12 bits



[0074] The private indicator and private section lengths are comprised of data not fixed by the MPEG-2 standard and
which may be used by the system operator for his own purposes.

[0075] In the case of short form, the header 60 is immediately followed by the payload data 61. In the case of the long
form, a further header section 62 is provided before the payload 63 and the message equally includes a CRC check
value 64. The long form, which is typically used when a message is so long that it must be divided into a number of
sections, contains the information necessary to assemble the sections, such as the section number, the number of the
last section in the sequence of sections etc.

[0076] For further information regarding the long and short form table data, the reader is directed to the MPEG-2
standard.

[0077] In the case of conditional access ECM and EMM messages, the data may usually be accommodated in a single
table and the short form will be the appropriate format. A specific syntax for such short form conditional access
messages is proposed in the context of the present invention, namely:



TABLE III

Table id (filter data)                   8 bits (1 byte)
Section syntax indicator                 1 bit
Private indicator/reserved               1 bit
ISO reserved                             2 bits
Section length                           12 bits
CA specific header field (filter data)   56 bits (7 bytes)



[0078] For such CA messages, the table id value may be set by the system operator at, for example, 0x80 and 0x81
for ECM messages (for example, odd and even messages) and 0x82 to 0x8F for EMM messages. These values are not
MPEG-2 prescribed and may be chosen at the discretion of the system operator.

[0079] Equally, in the case of the CA specific header field, hereby designated as the first 7 bytes of the payload
following the header, the parameters may be set by the system operator to reflect, for example, the fact that the CA
message is an EMM message carrying individual, group or audience subscription information. In this manner the "header"
of such a table or section is extended.

[0080] The advantages of such message syntax will become clear later, with regard to the processing and filtering of
messages by the receiver/decoder, notably by using the Table id and CA specific field data.

Receiver/decoder 

[0081] Referring to Figure 5, the elements of a receiver/decoder 12 or set-top box for use in a digital broadcast system
and adapted to be used in the present invention will now be described. As will be understood, the basic elements of this
decoder are largely conventional and their implementation will be within the capabilities of one skilled in the art.

[0082] As shown, the decoder 12 is equipped with several interfaces for receiving and transmitting data, in particular
a tuner 70 for receiving broadcast MPEG transmissions, a serial interface 71, a parallel interface 72, and a modem 73
for sending and receiving data via the telephone network. The decoder also includes a first and second smart card
reader 74 and 75, the first reader 74 for accepting the subscription smart card and the second reader 75 for accepting
bank and/or other smart cards.

[0083] The decoder also includes a receiver 76 for receiving infra-red control signals from a handset remote control
77 and a Peritel output for sending audiovisual signals to a television 13 connected to the decoder.

[0084] Processing of digital signals received via the interfaces and generation of output signals is handled by an
ensemble of hardware and software elements here grouped together as a central control unit 78. The software
architecture of the control unit within the decoder may correspond to that used in a known decoder and will not be described
here in any detail. It may be based, for example, on a virtual machine interacting via an interface layer with a lower level
operating system implemented in the hardware components of the decoder. In terms of hardware architecture, the
control unit 78 will be equipped with a processor, memory elements such as ROM, RAM, FLASH memory etc. as in known
decoders.

[0085] Applications processed by the control unit 78 may be resident applications stored in the ROM or FLASH of the
decoder or applications broadcast and downloaded via the MPEG interface 2 of the decoder. Applications can include
program guide applications, games, interactive services, teleshopping applications, as well as initiating applications to
enable the decoder to be immediately operational upon start-up and applications for configuring aspects of the decoder.
Applications are stored in memory locations in the decoder and represented as resource files comprising graphic object
descriptions files, unit files, variables block files, instruction sequence files, applications files, data files etc.

Filtering of Conditional Access Data

[0086] Figure 6 shows in schematic form the elements necessary for processing packet and table data in accordance
with this embodiment of the invention. As will be understood, the elements shown in this figure may be implemented in
hardware, software or in combination of the two.

[0087] The broadcast transmissions received from the satellite receiver are passed via the conventional tuner 70 and
an associated demodulator unit 79. The tuner 70 typically scans a range of frequencies, stopping when a chosen carrier
frequency is detected within that range. The signals are then treated by the demodulator unit 79 which extracts and
forwards the transport packet stream to a demux and filter unit 80. The filter structure of the demux and filter unit 80 will
be described in detail below in relation to Figure 7. As will be understood, the actual choice of components needed to
implement such a unit is at the discretion of the manufacturer and the most important aspect of such a unit is the chosen
filter configuration.

[0088] In the case of data encrypted in accordance with a conditional access system as per the present embodiment,
the filter unit interacts with a smart card 30 (or any other secure device) inserted in the decoder 12 and a channel
parameter application 81, typically implemented as a software application in the decoder.

[0089] The filter unit 80 extracts from the transport packet stream the PMT and CAT tables present in the stream.
Referring back to Figure 3, this filtering operation is carried out at a PID level, the CAT table being identified by the PID
value 0x01 and the appropriate PMT table corresponding to the chosen broadcast channel being extracted via the PAT
table (PID value: 0x00) and the PID value of the chosen channel identified in the PAT table.

[0090] The channel parameter application 81 additionally receives from the smart card 30 an identification of the
conditional access system associated with that smart card. Again, referring back to Figure 3, a first conditional access
system is associated with ECM and EMM data in the packets 45 and 48, respectively. Using the conditional access system
ID received from the smart card 30 and the PMT and CAT tables received from the filter unit 80, the application 81
determines the PID values of the conditional access packets associated with the conditional access system in question and
returns these values to the filter unit 80.

[0091] In the case of a simplified system, where a relatively small number of ECMs and EMMs are emitted, no other
filtering may be necessary and these PID values may be used by the filter unit 80 to extract all relevant ECM and EMM
private sections from the identified packets and to thereafter forward the data contained within these sections to the
smart card 30.

[0092] This conditional access data is then processed by the microprocessor within the smart card 30 and the control
word associated with the transmission passed to a descrambling unit 83. The descrambling unit 83 receives scrambled
audiovisual or other data information extracted from the transport packet stream by the demux and filter unit 80,
descrambles the information using the control word and thereafter passes the data to a conventional MPEG-2 chip which
prepares the data for subsequent display on the associated television display.

[0093] However, whilst a PID level filter enables an extraction of those ECM and EMM messages associated
exclusively with the conditional access system in question, there may nevertheless be a large proportion of messages
irrelevant to the user. These messages may include group EMM messages for other user groups, individual EMM
messages for other users etc. The throughput of conditional access messages passed to the smart card may therefore
be very high. Given the limitations of the processor power and memory of smart cards, this throughput may be in
practice more than the card can handle.

[0094] In order to overcome this problem, the smart card 30 is adapted to pass further filter data to the unit 80 for use
in a section or table level filter process.

[0095] Referring to Table III above, tables containing conditional access data include Table id and CA specific
header fields which are chosen to identify, for example, the presence of an EMM or ECM (table id values 0x80 or 0x81
and 0x82 to 0x8F, respectively) and the type of message (CA specific data identifying the group concerned by a group
EMM message, the presence of an audience EMM message etc.). Depending on the data that it requires, the smart
card 30 will send the necessary table id and CA specific data to configure the filter unit to extract and return only those
conditional access messages of interest to the smart card. In this way, the flow of data sent to the smart card may be
reduced to conform with the processing capabilities of the smart card microprocessor.

[0096] Referring to Figure 7, the details of the filtering unit 80 will be described. Typically, the unit may be implemented
as a hardware resource, driven by a firmware managing application within the receiver/decoder. As shown, a first set of
filters 85 carries out a PID filtering process using the CA PID information received from the channel parameter
application. The PID filters 85 may equally be configured to extract other relevant packets such as the PMT, CAT tables sent to
the channel parameter application. Other PID filters (not shown) may be used to extract the audiovisual PES packet
information eventually sent to the descrambler etc.

[0097] Once stripped of the packet header, the private section or table data is then routed to a set of prefilters 86
adapted to filter the 8 bytes in the extended header of a table. As shown in Table III, 1 byte of the extended header is
associated with the table id, 7 bytes with the CA specific information. The filtering operation is carried out by comparison
of the 8 byte pattern in a table with the filter data received from the smart card. Some bits within the 8 byte, 64 bit pattern
may be masked or ignored in the evaluation. In this embodiment 32 different patterns are proposed, a subset of these
patterns being applied by the prefilters in dependence of the information received from the smart card. If one pattern
matches, the section is sent to the FIFO buffer element 87. If no pattern matches, the section is ignored. The filters 86
equally act to extract from the appropriate sections the PMT and CAT table information, which is passed to a FIFO
buffer 88.

[0098] Due to the characteristics of the transport layer, the arrival of sections is bursty. The buffer capacity of the
buffers 87, 88 must be sufficient to handle an average rate of 5 Mbits/s, with the insertion of packets being based on a
regular allocation with a possible deviation of ± 25%.

[0099] In order to better understand the invention, a proposed example of operating instructions handled by the
section filters 86 will now be outlined:

Filter_all_sections (Filter_id, Target, Mask, Trigger_conditions, p/n)

This command retrieves every section matching the target except masked bits after Trigger_conditions occurred.

Filter_next_section (Filter_id, Target, Mask, Trigger_conditions, p/n)

This command retrieves the next section matching the target except masked bits after Trigger_conditions occurred.
Trigger_conditions are related to other filters previously identified as matching.

Filter_id is an index between 0 and 31, pointing to a filter and an output queue. In addition, it gives the queueing
priority, 0 being the highest priority.
Target is an 8 byte pattern.
Mask is an 8 byte pattern showing the bits to be masked in the target; value 0 means masked.
Trigger_conditions is a 32 bit bitmap, ORing Filter_id triggering that filter. Bit set at 0 means no trigger condition.
Self trigger condition is ignored.
p/n is a value, normally set to 1, positive for normal operation as described above. When set to 0 it means negative
filtering, i.e. retrieve sections not matching target.

Examples of use: 

Example 1:

[0100]

Filter_all_sections(5, 0x8C7C463AA88BFF00, 0xFF557FFFEEFFFF00, 0, 1)

will capture all EMMs corresponding to matching criteria.

Example 2:

[0101]

Filter_next_section(0, 0x8000000000000000, 0xFF00000000000000, 0, 1)
Filter_next_section(1, 0x8100000000000000, 0xFF00000000000000, 5, 1)
Filter_next_section(2, 0x8000000000000000, 0xFF00000000000000, 3, 1)

will start an ECM capture process with odd/even toggle.

Example 3:

[0102]

Filter_next_section(8, 0xPMT_TID0000Version_number00000000, 0xFF00001F00000000, 0, 0)
Filter_next_section(1, 0x8100000000000000, 0xFF00000000000000, 0x14, 1)
Filter_next_section(2, 0x8000000000000000, 0xFF00000000000000, 0x12, 1)

will start an ECM capture process with odd/even toggle, starting when there is a change in the PMT.
[0103] In terms of communication of CA messages and filter data to and from the smart card 82 and filter unit 80, a
standard protocol such as ISO 7816 may be used. Since not all of the data in the filtered private section is required by
the smart card 82, the section may be modified and a message of the following format sent to the smart card:

Table id                    8 bits
Zero                        11 bits
Filter id                   5 bits
CA specific header field    56 bits
CA message                  N*8 bits



[0104] The meaning of each of these terms will be clear from the above description. In terms of the filter data sent
from the smart card 82 to the filter 80, the following format may be used:

Number of filters           8 bits
Filtering instruction       5 bits
Filter id                   5 bits
Target                      64 bits
Mask                        64 bits
Trigger conditions          5 bits
p/n                         1 bit



Number_of_filters describes the number of filters to be set in this instruction.
Filtering_instruction describes the type of instruction (filter next section, filter all sections).
Filter_id is an index pointing to a filter and an output queue. In addition, it gives the queueing priority, 0 being the
highest priority.
Target is the target pattern.
Mask is a pattern showing the bits to be masked in the target; value 0 means masked.
Trigger_conditions is a bitmap, ORing Filter_id triggering that filter. Bit set at 0 means no trigger condition. Self
trigger condition is ignored.
p/n is a value, normally set to 1, positive for normal operation as described above. When set to 0 it means negative
filtering, i.e., retrieve sections not matching target.
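
As an added illustration (not part of the patent text), the Python model below runs the filters of Examples 1 and 2 over a constructed section stream and builds the reduced message of paragraph [0103] for each captured section. The class and function names, the sample sections, and the trigger behaviour (a filter with a non-zero Trigger_conditions bitmap is armed only once a filter named in the bitmap has matched, and a Filter_next_section filter disarms after one capture) are assumptions made for this sketch; the text does not fix these details.

```python
from dataclasses import dataclass

def make_section(table_id, ca_header, ca_message=b""):
    """Constructed sample input: short-form private section as in Table III."""
    body = bytes(ca_header) + ca_message
    return bytes([table_id, 0x30 | (len(body) >> 8), len(body) & 0xFF]) + body

def pattern_of(section):
    """Table id plus the 7 CA-specific bytes, as one 64-bit integer."""
    if len(section) < 10:
        raise ValueError("section shorter than the extended header")
    return int.from_bytes(section[0:1] + section[3:10], "big")

@dataclass
class Filter:
    target: int      # 8-byte pattern
    mask: int        # bit value 0 = masked (ignored)
    trigger: int     # bitmap of Filter_ids whose match arms this filter
    positive: bool   # p/n; False = retrieve sections NOT matching target
    once: bool       # True = Filter_next_section, False = Filter_all_sections
    armed: bool

class FilterBank:
    def __init__(self):
        self.filters = {}

    def set_filter(self, fid, target, mask, trigger, pn, once):
        if not 0 <= fid <= 31:
            raise ValueError("Filter_id must be between 0 and 31")
        trigger &= ~(1 << fid)                    # self trigger is ignored
        # Assumed reading: no trigger condition means armed from the start.
        self.filters[fid] = Filter(target, mask, trigger, bool(pn), once,
                                   armed=(trigger == 0))

    def process(self, section):
        """Return (Filter_id, message for the card), or None if ignored."""
        pat = pattern_of(section)
        for fid in sorted(self.filters):          # 0 = highest priority
            f = self.filters[fid]
            hit = ((pat ^ f.target) & f.mask) == 0
            if not f.armed or hit != f.positive:
                continue
            if f.once:
                f.armed = False                   # assumed: one capture, then wait
            for other in self.filters.values():   # arm filters triggered by fid
                if (other.trigger >> fid) & 1:
                    other.armed = True
            # Table id, 11 zero bits + 5-bit filter id, CA header, CA message
            return fid, section[0:1] + bytes([0, fid]) + section[3:]
        return None

def demo():
    bank = FilterBank()
    m = 0xFF00000000000000
    bank.set_filter(5, 0x8C7C463AA88BFF00, 0xFF557FFFEEFFFF00, 0, 1, once=False)  # Example 1
    bank.set_filter(0, 0x8000000000000000, m, 0, 1, once=True)                    # Example 2
    bank.set_filter(1, 0x8100000000000000, m, 5, 1, once=True)
    bank.set_filter(2, 0x8000000000000000, m, 3, 1, once=True)
    zero = [0] * 7
    emm = [0xD6, 0x46, 0x3A, 0xA8, 0x8B, 0xFF, 0x99]   # differs only in masked bits
    other = [0x7D] + emm[1:]                            # differs in an unmasked bit
    stream = [make_section(0x80, zero), make_section(0x80, zero),
              make_section(0x80, zero), make_section(0x8C, emm, b"\x01\x02"),
              make_section(0x8C, other), make_section(0x81, zero),
              make_section(0x81, zero), make_section(0x80, zero)]
    return [bank.process(s) for s in stream]
```

Under this reading, filter 2 of Example 2 is armed by filter 0 as well as by filter 1, so the second even ECM is captured once before the odd/even alternation settles; repeated ECMs of the same parity are then dropped before they reach the card.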

[0105] In practice, communications between the smart card and the receiver/decoder may be subject to a level of
encryption or scrambling for security reasons. In particular, communications between the smart card 82 and filter unit
80, as well as the control word stream sent to the descrambler unit 83 may be encoded in this way. Encryption
algorithms suitable for this purpose are widely known (RSA, DES etc.).

Claims

1. A decoder adapted to receive a transport packet stream containing table, section or other packetised data
encapsulated within the packet payloads and characterised in that the decoder comprises a means for filtering the
encapsulated data configurable in response to filter data received from a portable security module.

2. A decoder as claimed in claim 1 in which the means for filtering encapsulated data is configurable in response to
filter data comprising at least a table ID or section ID value transmitted by the portable security module.

3. A decoder as claimed in claim 1 or 2 in which the means for filtering encapsulated data is further adapted to forward
to the security module conditional access data obtained in accordance with the filter data received from the security
module.

4. A decoder as claimed in claim 3 in which conditional access data forwarded to the security module comprises
entitlement control messages (ECMs) and/or entitlement management messages (EMMs).

5. A decoder as claimed in claim 3 or 4 in which filter data provided by the security module comprises data used by
the filter means to extract group and/or individual entitlement management messages addressed to the security
module.

6. A decoder as claimed in any of claims 3 to 5 in which the decoder is adapted to receive a control word generated
by the security module in response to the conditional access data forwarded thereto, the control word being used
by the decoder to descramble a scrambled transmission.

7. A decoder as claimed in any preceding claim further comprising a means for filtering transport packet data
configurable in response to data received from the security module.

8. A decoder as claimed in claim 7, in which the means for filtering transport packet data is configurable in response
to data representing the identity of the conditional access system received from the security module.

9. A decoder as claimed in claim 8 in which [...]
containing a program map table and a conditional access table, the decoder further comprising selection means
adapted to receive the program map table and conditional access table from the transport packet filtering means
and conditional access identity data from the security module and thereafter configure the transport packet filtering
means to extract transport packet data associated with the conditional access system in question.

10. A decoder as claimed in any preceding claim adapted to process encrypt and/or decrypt communications to and
from the portable security module.

11. A security module for use with a decoder as claimed in any preceding claim and characterised in comprising a
memory means for storing filter data subsequently communicated to the decoder to configure the means for
filtering encapsulated data.

12. A security module as claimed in claim 13 comprising a smart card.

13. A method of processing a transport packet stream containing table, section or other packetised data encapsulated
within the packet payloads characterised by receiving the transport stream in a decoder and filtering the
encapsulated data in response to filter data received from a portable security module.

14. A method of processing a transport packet stream as claimed in claim 13 further comprising generating
encapsulated data including conditional access data and filtering at the decoder using the encapsulated data and in
response to filter data supplied by the portable security module.